ELK: Difference between revisions

From artserver wiki
Revision as of 10:39, 27 September 2022

Installing ELK stack

Followed https://techviewleo.com/install-elastic-stack-elk-on-debian/. Ports used by the components:

  • elasticsearch: 9200
  • logstash: 5044
  • kibana: 5601
  • filebeat

Change the Elasticsearch JVM heap size to 1 GB by setting -Xms1g and -Xmx1g in /etc/elasticsearch/jvm.options.

Test Elasticsearch

curl --cacert /etc/elasticsearch/certs/http_ca.crt -u elastic http://localhost:9200


Project: analysing Apache server logs from another server

Use a VPN connection.


On remote: (IP x.x.x.2)

  • FileBeat: Beats are lightweight agents installed on client hosts to collect different types of data and forward it into the stack.

Elasticsearch output section of the Filebeat configuration:
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["X.X.X.Y:9200"]  # ElasticSearch host IP 

  # Protocol - either `http` (default) or `https`.
  protocol: "http"

  # Authentication credentials - either API key or username/password.
  #api_key: "id:api_key"
  username: "elastic"
  password: "XXX"
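
As an added example (not from the wiki and not Filebeat's own tooling), a small Python check that reads the flat output.elasticsearch block shown above and flags the settings a defender would change before shipping logs from one host to another. It uses a minimal line reader rather than a YAML library; the hardened block, the filebeat_writer role name and the /etc/filebeat/http_ca.crt path are assumptions.

```python
"""Flag weak transport/credential settings in a Filebeat output.elasticsearch block.

Added example, not from the original wiki page. The reader below handles only
the flat `key: value` shape shown on the page; it is not a YAML parser.
"""

# Constructed sample: the page's fragment, password redacted as on the page.
SAMPLE = """\
# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["X.X.X.Y:9200"]  # ElasticSearch host IP
  protocol: "http"
  #api_key: "id:api_key"
  username: "elastic"
  password: "XXX"
"""

# Constructed hardened form (assumed role name, CA path and keystore key).
HARDENED = """\
output.elasticsearch:
  hosts: ["X.X.X.Y:9200"]
  protocol: "https"
  ssl.certificate_authorities: ["/etc/filebeat/http_ca.crt"]
  username: "filebeat_writer"
  password: "${ES_PWD}"
"""

def read_es_output(text):
    """Collect the scalar/list settings directly under output.elasticsearch."""
    settings, active = {}, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()  # drop comments (values here contain no '#')
        if not line.strip():
            continue
        if not line.startswith(" "):          # top-level key: enter/leave the section
            active = line.strip() == "output.elasticsearch:"
            continue
        if active and ":" in line:
            key, _, value = line.strip().partition(":")
            settings[key.strip()] = value.strip().strip('"')
    return settings

def audit(settings):
    """Return findings for cleartext transport, unverified server, literal secrets, superuser."""
    findings = []
    protocol = settings.get("protocol", "http")  # Filebeat defaults to http
    if protocol != "https":
        findings.append("protocol %s: credentials and log data travel in cleartext" % protocol)
    if "ssl.certificate_authorities" not in settings:
        findings.append("no ssl.certificate_authorities: server certificate is not verified")
    password = settings.get("password", "")
    if password and not password.startswith("${"):
        findings.append("password is a literal in the file; reference the Filebeat keystore instead")
    if settings.get("username") == "elastic":
        findings.append("superuser 'elastic' used for shipping; use a least-privilege writer role")
    return findings
```

Run audit(read_es_output(SAMPLE)) to see the four findings for the page's fragment; the hardened block yields none.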

On ELK stack machine: (IP x.x.x.1)